#!/bin/sh set -e PREREQ="cryptroot" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac . /usr/share/initramfs-tools/hook-functions # Hooks for loading Gnupg software and key into the initramfs # Check whether cryptroot hook has installed decrypt_gnupg_sc script if [ ! -x ${DESTDIR}/lib/cryptsetup/scripts/decrypt_gnupg_sc ] ; then exit 0 fi # Install cryptroot key files into initramfs keys=$(sed 's/^\(.*,\|\)key=//; s/,.*//' ${DESTDIR}/conf/conf.d/cryptroot) if [ "${keys}" != "none" ]; then if [ -z "${keys}" ]; then echo "$0: Missing key files in ${DESTDIR}/conf/conf.d/cryptroot" >&2 cat ${DESTDIR}/conf/conf.d/cryptroot >&2 exit 1 fi for key in ${keys} ; do keydir=$(dirname ${key}) echo "WARNING: GnuPG key $key is copied to initramfs" >&2 echo "WARNING: GnuPG secret keyring ${keydir}/secring.gpg is copied" \ "to initramfs" >&2 if [ ! -d ${DESTDIR}/${keydir} ] ; then mkdir -p ${DESTDIR}/${keydir} fi chmod 700 ${DESTDIR}/${keydir} cp -p ${key} ${DESTDIR}/${key} cp -p ${keydir}/pubring.gpg ${DESTDIR}/${keydir} cp -p ${keydir}/secring.gpg ${DESTDIR}/${keydir} if [ -e ${keydir}/gpg.conf ] ; then cp -p ${keydir}/gpg.conf ${DESTDIR}/${keydir} fi done fi # Install gnupg software copy_exec /usr/bin/gpg copy_exec /usr/bin/gpg copy_exec /usr/bin/gpg-agent # some more libs for pcscd copy_exec /usr/sbin/pcscd copy_exec /usr/lib/pcsc/drivers/serial/libccidtwin.so copy_exec /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so copy_exec /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist copy_exec /etc/libccid_Info.plist if uname -r | grep -q amd64; then copy_exec /usr/lib/x86_64-linux-gnu/libpcsclite.so.1.0.0 copy_exec /lib/x86_64-linux-gnu/libgcc_s.so.1 else copy_exec /usr/lib/i386-linux-gnu/libpcsclite.so.1.0.0 copy_exec /lib/i386-linux-gnu/libgcc_s.so.1 fi # we need some more stuff from gnupg2 copy_exec /usr/lib/gnupg/scdaemon copy_exec /usr/bin/pinentry exit 0